I. Threats to Accounting Information System


hobie badongen

on 8 January 2014

Transcript of I. Threats to Accounting Information System

Control And

I. Threats to Accounting Information System

1. Natural and political disasters
fire or excessive heat
high winds

2. Errors and equipment malfunctions
hardware failures
power outages and fluctuations
undetected data transmission errors

3. Unintentional acts
accidents caused by human carelessness
innocent errors of omissions
lost or misplaced data
logic errors
systems that do not meet company needs

4. Intentional acts
computer fraud

II. Why are AIS threats increasing?

Control risks have increased in recent years because:

There are computers and servers everywhere, and information is available to an unprecedented number of workers.

Distributed computer networks make data available to many users, and these networks are harder to control than centralized mainframe systems.

Wide area networks are giving customers and suppliers access to each other’s systems and data, making confidentiality a major concern.

III. Some vocabulary terms for this chapter:

Threat
is any potential adverse occurrence or unwanted event that could injure the AIS or the organization.

Exposure or impact
of the threat is the potential dollar loss that would occur if the threat becomes a reality.

Likelihood
is the probability that the threat will occur.

Internal control
is the plan of organization and the methods a business uses to safeguard assets, provide accurate and reliable information, promote and improve operational efficiency, and encourage adherence to prescribed managerial policies.

IV. Control and security are important
Companies are now recognizing the problems and taking positive steps to achieve better control.

V. To use IT in achieving control objectives, accountants must:
Understand how to protect systems from threats.
Have a good understanding of IT and its capabilities and risks.

VI. One of the primary objectives of an AIS is to control a business organization.

VII. Management expects accountants to be control consultants, which means:

Taking a proactive approach to eliminating system threats; and
Detecting, correcting, and recovering from threats when they do occur.

VIII. Companies must react quickly to changing conditions and markets, including steps to:

Hire creative and innovative employees.
Give these employees power and flexibility

IX. Internal control is the process implemented by the board of directors, management, and those under their direction to provide reasonable assurance that:

1. Assets (including data) are safeguarded.
This objective includes prevention or timely detection of unauthorized acquisition, use, or disposal of material company assets.

2. Records are maintained in sufficient detail to accurately and fairly reflect company assets.

3. Accurate and reliable information is provided.

4. There is reasonable assurance that financial reports are prepared in accordance with GAAP.

5. Operational efficiency is promoted and improved.
This objective includes ensuring that company receipts and expenditures are made in accordance with management’s and the directors’ authorizations.

6. Adherence to prescribed managerial policies is encouraged.

7. The organization complies with applicable laws and regulations.

X. Internal control is a process.

XI. Three Important Functions of Internal Controls

1. Preventive controls
Deter problems before they arise.

2. Detective controls
Discover problems quickly when they do arise.

3. Corrective controls
Remedy problems that have occurred by:
Identifying the cause;
Correcting the resulting errors; and
Modifying the system to prevent future problems of this sort.

XII. CLASSIFICATION of Internal Controls

1. General controls
Those designed to make sure an organization’s control environment is stable and well managed.

2. Application controls
Concerned with accuracy, completeness, validity, and authorization of the data captured, entered into the system, processed, stored, transmitted to other systems, and reported.
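The application controls listed above (validity, completeness, accuracy and authorization of the data entered) and the detective batch totals that catch the undetected data transmission errors named under threat category 2 are easiest to see in code. The Python below is an added example written for this page, not code from the original presentation or from any AIS product; the journal-entry layout, the chart of accounts, the approval limits, the sample entries and the simulated transmission fault are all constructed for the illustration.

```python
import copy
from dataclasses import dataclass
from decimal import Decimal
from typing import Dict, List

# Constructed master data. Assumption: a real AIS reads its chart of
# accounts and approval limits from master files; they are hard-coded
# here so the example runs offline.
CHART_OF_ACCOUNTS = {"1000": "Cash", "1200": "Accounts Receivable",
                     "4000": "Sales Revenue", "5000": "Cost of Sales"}
APPROVAL_LIMITS = {"clerk": Decimal("5000"), "controller": Decimal("250000")}


@dataclass
class JournalLine:
    account: str
    debit: Decimal = Decimal("0")
    credit: Decimal = Decimal("0")


@dataclass
class JournalEntry:
    entry_id: str
    approver_role: str
    lines: List[JournalLine]


def validate_entry(entry: JournalEntry) -> List[str]:
    """Preventive application controls on one entry.

    Returns the list of control failures; an empty list means the entry
    may be posted.
    """
    problems = []
    # Completeness check: a posting needs an identifier and at least two lines.
    if not entry.entry_id:
        problems.append("completeness: missing entry id")
    if len(entry.lines) < 2:
        problems.append("completeness: fewer than two lines")
    for line in entry.lines:
        # Validity check: the account code must exist in the chart of accounts.
        if line.account not in CHART_OF_ACCOUNTS:
            problems.append(f"validity: unknown account {line.account}")
        # Sign check and field check: no negative amounts, one side per line.
        if line.debit < 0 or line.credit < 0:
            problems.append(f"sign: negative amount on {line.account}")
        if (line.debit > 0) == (line.credit > 0):
            problems.append(f"field: {line.account} must be debit or credit, not both or neither")
    # Accuracy check: total debits must equal total credits.
    total_debit = sum((l.debit for l in entry.lines), Decimal("0"))
    total_credit = sum((l.credit for l in entry.lines), Decimal("0"))
    if total_debit != total_credit:
        problems.append(f"accuracy: debits {total_debit} != credits {total_credit}")
    # Authorization check: the approver's role must cover the amount.
    limit = APPROVAL_LIMITS.get(entry.approver_role)
    if limit is None:
        problems.append(f"authorization: unknown role {entry.approver_role}")
    elif total_debit > limit:
        problems.append(f"authorization: {total_debit} exceeds {entry.approver_role} limit {limit}")
    return problems


def batch_totals(entries: List[JournalEntry]) -> Dict[str, Decimal]:
    """Detective control: totals computed before transmission and recomputed
    on receipt. The hash total (sum of account codes) is meaningless as a
    number but changes when an account code is altered or a line is lost."""
    return {
        "record_count": Decimal(len(entries)),
        "financial_total": sum((l.debit for e in entries for l in e.lines), Decimal("0")),
        "hash_total": sum((Decimal(l.account) for e in entries for l in e.lines
                           if l.account.isdigit()), Decimal("0")),
    }


def transmission_errors(sent_totals: Dict[str, Decimal],
                        received_entries: List[JournalEntry]) -> List[str]:
    """Receiving side: recompute the totals and name every one that disagrees."""
    received = batch_totals(received_entries)
    return [name for name, value in sent_totals.items() if received[name] != value]


def run_example():
    """Constructed batch: one clean entry plus one failure per control."""
    entries = [
        JournalEntry("JE-001", "clerk", [JournalLine("1200", debit=Decimal("1200")),
                                         JournalLine("4000", credit=Decimal("1200"))]),
        JournalEntry("JE-002", "clerk", [JournalLine("1000", debit=Decimal("500")),
                                         JournalLine("4000", credit=Decimal("450"))]),
        JournalEntry("JE-003", "clerk", [JournalLine("9999", debit=Decimal("100")),
                                         JournalLine("4000", credit=Decimal("100"))]),
        JournalEntry("JE-004", "clerk", [JournalLine("1200", debit=Decimal("20000")),
                                         JournalLine("4000", credit=Decimal("20000"))]),
    ]
    results = {e.entry_id: validate_entry(e) for e in entries}
    accepted = [e for e in entries if not results[e.entry_id]]
    sent = batch_totals(accepted)
    # Simulated transmission fault (constructed): one account code arrives
    # altered to another valid code, so per-entry validation and the
    # financial total both still pass; only the hash total catches it.
    received = copy.deepcopy(accepted)
    received[0].lines[0].account = "1000"
    return results, transmission_errors(sent, received)


if __name__ == "__main__":
    validation, errors = run_example()
    for entry_id, problems in validation.items():
        print(entry_id, "OK" if not problems else problems)
    print("totals that disagree after transmission:", errors)
```

The per-entry checks are preventive controls in the sense of section XI: a failing entry never reaches the ledger. The batch totals are a detective control: they do not stop a corrupted record, but they make the corruption visible, and the hash total shows why a financial total alone is not enough, since swapping one valid account code for another leaves every amount unchanged.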

XIII. Foreign Corrupt Practices Act
Passed to prevent the bribery of foreign officials to obtain business.
A significant effect was to require that corporations maintain good systems of internal accounting control.

XIV. Sarbanes-Oxley Act of 2002 (aka SOX)
1. The intent of SOX is to:
Prevent financial statement fraud
Make financial reports more transparent
Protect investors
Strengthen internal controls in publicly-held companies
Punish executives who perpetrate fraud

XV. Important aspects of SOX

1. Creation of the Public Company Accounting Oversight Board (PCAOB) to oversee the auditing profession.
2. New rules for auditors
3. New rules for audit committees
4. New rules for management
5. New internal control requirements

XVI. Robert Simons has espoused four levers of control to help companies reconcile the conflict between giving employees power and flexibility (section VIII) and maintaining control.

1. A concise belief system
Communicates company core values to employees and inspires them to live by those values.

2. A boundary system
Helps employees act ethically by setting limits beyond which they must not pass.
3. A diagnostic control system
Ensures efficient and effective achievement of important controls.
4. An interactive control system
Helps top-level managers with high-level activities that demand frequent and regular attention

XVII. Three of the most important frameworks for a good internal control system:
1. The COBIT framework
Also known as the Control Objectives for Information and Related Technology framework.
Developed by the Information Systems Audit and Control Foundation (ISACF).

A framework of generally applicable information systems security and control practices for IT control.

The framework addresses the issue of control from three vantage points or dimensions.
1. Business objectives
The criteria are divided into seven distinct yet overlapping categories that map into COSO objectives:
Effectiveness (relevant, pertinent, and timely)
Compliance with legal requirements

2. IT resources, including:

Application systems

3. IT processes

Broken into four domains:
Planning and organization
Acquisition and implementation
Delivery and support

2. The COSO internal control framework
The Committee of Sponsoring Organizations (COSO) is a private sector group consisting of:
The American Accounting Association
The Institute of Internal Auditors
The Institute of Management Accountants
The Financial Executives Institute

COSO’s internal control model has five crucial components:
1. Control environment
The core of any business is its people. Their integrity, ethical values, and competence make up the foundation on which everything else rests.
2. Control activities
Policies and procedures must be established and executed to ensure that actions identified by management as necessary to address risks are, in fact, carried out.
3. Risk assessment
The organization must be aware of and deal with the risks it faces.
It must set objectives for its diverse activities and establish mechanisms to identify, analyze, and manage the related risks.
4. Information and communication
Information and communications systems surround the control activities.
They enable the organization’s people to capture and exchange information needed to conduct, manage, and control its operations.
5. Monitoring
The entire process must be monitored and modified as necessary.

3. COSO’s Enterprise Risk Management framework (ERM)
An enhanced corporate governance document.
Expands on elements of the preceding framework.
Provides a focus on the broader subject of enterprise risk management.
ERM defines risk management as:
A process effected by an entity’s board of directors, management, and other personnel.
Applied in strategy setting and across the enterprise.
To identify potential events that may affect the entity.
And manage risk to be within its risk appetite.
In order to provide reasonable assurance of the achievement of entity objectives.

Basic principles behind ERM:
Companies are formed to create value for owners.
Management must decide how much uncertainty they will accept.
Uncertainty can result in:
The possibility that something will happen to:
Adversely affect the ability to create value; or
Erode existing value.
The possibility that something will happen to positively affect the ability to create or preserve value.

COSO developed a model to illustrate the elements of ERM.

1. Strategic objectives are high-level goals that are aligned with and support the company’s mission.

2. Operations objectives deal with effectiveness and efficiency of company operations, such as:
Performance and profitability goals
Safeguarding assets

3. Reporting objectives help ensure the accuracy, completeness, and reliability of internal and external company reports of both a financial and non-financial nature.

4. Compliance objectives help the company comply with applicable laws and regulations.
External parties often set the compliance rules.
Companies in the same industry often have similar concerns in this area.

Columns on the right represent the company’s units:
Entire company
Business unit

The horizontal rows are eight related risk and control components, including:
Internal environment
The tone or culture of the company.
Objective setting
Ensures that management implements a process to formulate strategic, operations, reporting, and compliance objectives that support the company’s mission and are consistent with the company’s tolerance for risk.
Event identification
Requires management to identify events that may affect the company’s ability to implement its strategy and achieve its objectives.
Risk assessment
Identified risks are assessed to determine how to manage them and how they affect the company’s ability to achieve its objectives.
Risk response
Management aligns identified risks with the company’s tolerance for risk by choosing to:
Control activities
To implement management’s risk responses, control policies and procedures are established and implemented throughout the various levels and functions of the organization.
Information and communication
Information about the company and ERM components must be identified, captured, and communicated so employees can fulfill their responsibilities.
Monitoring
ERM processes must be monitored on an ongoing basis and modified as needed.

The ERM model is three-dimensional.
This means that each of the eight risk and control elements is applied to the four objectives in the entire company and/or one of its subunits.